From: Daniel P. Berrange <berrange@redhat.com>
Date: Mon, 1 Jul 2013 16:41:21 +0000 (+0100)
Subject: Ignore failure to mount SELinux filesystem in container
X-Git-Tag: CVE-2013-2230~88
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=293f71702859a429e88510d2aded860e879bfa87;p=thirdparty%2Flibvirt.git

Ignore failure to mount SELinux filesystem in container

User namespaces will deny the ability to mount the SELinux
filesystem. This is harmless for libvirt's LXC needs, so the
error can be ignored.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index d9734b50ff..b37300b16d 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -741,6 +741,12 @@ static int lxcContainerMountBasicFS(void)
         VIR_DEBUG("Mount %s on %s type=%s flags=%x, opts=%s",
                   srcpath, mnts[i].dst, mnts[i].type, mnts[i].mflags, mnts[i].opts);
         if (mount(srcpath, mnts[i].dst, mnts[i].type, mnts[i].mflags, mnts[i].opts) < 0) {
+#if WITH_SELINUX
+            if (STREQ(mnts[i].src, SELINUX_MOUNT) &&
+                (errno == EINVAL || errno == EPERM))
+                continue;
+#endif
+
             virReportSystemError(errno,
                                  _("Failed to mount %s on %s type %s flags=%x opts=%s"),
                                  srcpath, mnts[i].dst, NULLSTR(mnts[i].type),